They describe the attack as limited in nature, probably in use as a targeted attack. But as they say, it's a safe assumption that before too long the exploit of Acrobat Reader will be in every exploit pack and widely abused. They have tested it in Acrobat Reader, not the full Acrobat product, but assume it will work there as well.

Malicious PDFs utilizing this attack use JavaScript inside the PDF for a "heap spray," an operation that writes exploit shellcode and complementary data in the heap, the main data area of memory. The exploit then transfers CPU control to some semi-arbitrary address and eventually finds its way to the shellcode, and the exploit proceeds. (For more see "NOP Slide".) Because of the nature of the attack, it is possible that it works on any x86 platform that supports Acrobat Reader, not just Windows. But we have no clear information on this.
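Because these PDFs depend on embedded JavaScript, a first triage step is to check whether a file declares any script or automatic action at all. The following is an added example, not code from Shadowserver, Trend Micro or Adobe; the function names are hypothetical and the sample bytes are constructed. It flags a file for review and does not detect this particular exploit.

```python
import re

# PDF name tokens that declare script or an action run without user input.
SCRIPT_NAMES = ("/JS", "/JavaScript", "/OpenAction", "/AA")
# Object streams keep dictionaries inside compressed data this scan cannot read,
# so their presence means "no script names seen" proves nothing.
OPAQUE_NAMES = ("/ObjStm",)

# A name is "/" followed by anything except PDF whitespace and delimiters.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #XX escapes so /J#61vaScript compares equal to /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count script-related names in the raw bytes of a PDF file.

    This is a byte-level scan, so a match inside stream data is possible;
    treat the counts as a reason to look closer, not as a verdict.
    """
    counts = {name: 0 for name in SCRIPT_NAMES + OPAQUE_NAMES}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def needs_review(counts: dict) -> bool:
    """True if the file declares script, auto-run actions or hidden objects."""
    return any(counts.values())


# Constructed sample: an auto-run action pointing at a script object whose
# /JavaScript name is hex-escaped to dodge naive string matching.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
          b"3 0 obj << /S /J#61vaScript /JS (var x = 1;) >> endobj\n")
# Constructed sample with no script-related names.
CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        result = triage_pdf(blob)
        print(label, result, "review" if needs_review(result) else "ok")
```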

Shadowserver Foundation says that the attack is detected by Trend Micro as TROJ_PIDIEF.IN. The Trend description of that attack is rather uninteresting. It conveys less urgency than the Shadowserver description and mentions no vulnerability.

Shadowserver also reports that they believe Adobe is aware of the problem and at work on it.

[Update: Adobe is now acknowledging the problem. They say they are working on it and will have a solution "by March 11th, 2009." Reader and the full Acrobat product are vulnerable, they say, in versions 7, 8 and 9, and updates for all will be provided. In the meantime they are working with anti-malware vendors to help them detect exploits of the vulnerability.]